[jdev] [Security] Spoofing of iq ids and misbehaving servers

Mark Doliner mark at kingant.net
Sat Feb 1 18:57:11 UTC 2014

On Sat, Feb 1, 2014 at 6:21 AM, Alexander Holler <holler at ahsoftware.de> wrote:
> I'm able to read. How do you send that reply?

The malicious user is logged into the user's XMPP server with another
account. The reply is sent as a normal IQ reply stanza from the
malicious user's client to the server, and is then routed to the
target user.
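
A client-side check against the spoofed reply described above, as an added example that is not part of the original message: pending requests are matched on both the IQ id and the sender, not on the id alone. The class, method names and JIDs are hypothetical, and the rule for requests sent without a 'to' address (accept no 'from', our bare JID, or our full JID) is an assumption about how the server answers on the account's behalf.

```python
# Added example: track outstanding IQ requests and accept a reply only when
# it comes from the entity the request was addressed to.
# Simplification: JIDs are compared as plain strings; a real client would
# normalize them first. All JIDs below are constructed.

def bare(jid):
    """Strip the resource part: 'user@host/res' -> 'user@host'."""
    return jid.split("/", 1)[0]

class IqTracker:
    def __init__(self, own_jid):
        self.own_jid = own_jid   # our full JID
        self.pending = {}        # iq id -> 'to' of the request (None if absent)

    def sent(self, iq_id, to=None):
        """Record an outgoing get/set so its reply can be validated later."""
        self.pending[iq_id] = to

    def _sender_ok(self, expected_to, reply_from):
        own_bare = bare(self.own_jid)
        if expected_to is None or expected_to == own_bare:
            # Request handled by our own server for our account (e.g. roster).
            return reply_from in (None, own_bare, self.own_jid)
        # Otherwise the reply must come from exactly the entity we asked.
        return reply_from == expected_to

    def accept(self, iq_id, reply_from):
        """True only for a legitimate reply; a spoofed one leaves the request pending."""
        if iq_id not in self.pending:
            return False
        if not self._sender_ok(self.pending[iq_id], reply_from):
            return False
        del self.pending[iq_id]
        return True

if __name__ == "__main__":
    t = IqTracker("alice@example.org/laptop")
    t.sent("roster1")  # roster request, no 'to'
    print(t.accept("roster1", "mallory@example.org/x"))  # same id, wrong sender
    print(t.accept("roster1", None))                     # the server's reply
```
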
